Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Annex to the Statement of Management Responsibility Including Internal Control Over Financial Reporting 2012-2013
Summary of the Assessment of Effectiveness of the System of Internal Control over Financial Reporting and the Action Plan for Fiscal Year 2012-2013
- 1. Introduction
- 2. Departmental system of internal control over financial reporting
- 3. Departmental assessment results during fiscal year 2012-2013
- 4. CIDA's action plan
This document provides summary information on the measures taken by the Canadian International Development Agency (CIDA or the Agency) to maintain an effective system of internal control over financial reporting (ICFR) including information on internal control management and assessment results and related action plans.
Detailed information on the Agency's authority, mandate, and program activities can be found in Departmental Performance Report and Report on Plans and Priorities.
On June 26, 2013, Economic Action Plan 2013 Act, No. 1, received Royal Assent amalgamating the former Department of Foreign Affairs and International Trade (DFAIT) and Canadian International Development Agency (CIDA), and thus creating the Department of Foreign Affairs, Trade and Development (DFATD). This annex presents CIDA's control environment, assessment results and future year commitments notwithstanding the amalgamation. Future year commitments will be reassessed in 2013-14 in the light of the DFATD processes, control environment and risks.
2. Departmental System of Internal Control over Financial Reporting
2.1 Internal Control Management
The Agency has a well established governance and accountability structure to support departmental assessment efforts and oversight of its system of internal control. A departmental internal control management framework (ICFR), is in place, which includes:
- organizational accountability structures as they relate to internal control management to support sound financial management including roles and responsibilities for senior managers in their areas of responsibility for control management;
- values and ethics;
- on-going communication and training on statutory requirements, policies, and procedures for sound financial management and control; and
- monitoring and regular updates on internal control management plus assessment results and action plan to the Deputy Minister and senior management, and the Audit Committee (DAC).
The scope of the ICFR extends well beyond the Chief Financial Officer Branch into major aspects of the Agency's information technology, legal and other business lines. Everyone in the Agency has a responsibility for internal control.
Deputy Minister – In the Federal Government, Deputy Heads have always had the responsibility to ensure that internal controls are regularly reviewed in the context of risk, ensuring that those internal controls are balanced against and proportional to the risks that they mitigate. The Agency's Deputy Minister, as Accounting Officer, assumes overall responsibility and leadership for the measures taken to maintain an effective system of internal control. In this role, the Deputy Minister chairs the Audit Committee and the Management Board and receives advice and recommendations from the members.
Chief Financial Officer (CFO) – The Agency's CFO reports directly to the Deputy Minister and provides leadership for the coordination, coherence and focus on the design and maintenance of an effective and integrated system of ICFR, including its annual assessment.
Senior Managers – CIDA's senior managers in charge of program delivery or corporate branches are responsible for establishing and maintaining a system of internal control for their areas of responsibility and within the Agency's system of internal control.
Chief Audit Executive (CAE) – Consistent with the Policy on Internal Control (PIC), CIDA has a qualified CAE who establishes plans and performs risk-based internal audits necessary to provide an independent annual assurance report to the deputy head on the adequacy and effectiveness of risk management, control and governance processes within the Agency, which are instrumental to the maintenance of an effective system of ICFR.
Audit Committee (AC) – The Audit Committee is an advisory committee that provides objective advice to the Deputy Minister on the adequacy of the Agency's risk management, control and governance frameworks. It is comprised of three external members and one internal member, the Agency's President. As such, the committee reviews the Agency's Corporate Risk Profile and its system of internal control, including the annual assessment and action plans relating to the system of ICFR.
Management Board (MB) – Senior management commitment and sponsorship are imperative considering that the ICFR framework will impact many of the Agency's branches. As the Agency's central decision-making body, the Management Board reviews, approves and monitors the Corporate Risk Profile and the departmental system of internal control.
Corporate Reporting and Financial Controls group – The Corporate reporting and financial controls group plays an important part in managing the ICFR framework based on its current areas of responsibilities. The group is responsible for managing the ICFR framework and to coordinate the documentation and assessment of the key financial processes and internal controls.
2.2 Key Measures Taken by CIDA
CIDA's control environment includes a series of measures to equip its staff with the ability to manage risks through raising awareness, providing the appropriate knowledge and the necessary tools to develop such skills. CIDA focuses on the following key control elements:
- Governance – The Agency has an established sound governance structure and receives strategic direction through the MB and standing committees.
- Strategic Management Agenda – The Agency has a detailed strategic management agenda that provides clear orientation to managers and their staff.
- Corporate Risk Profile – CIDA's regularly updated Corporate Risk Profile provides a proactive and systematic process to understand, manage and communicate risk across the Agency. It provides a continuous assessment of risk and a systematic response to the threats and opportunities faced by the Agency in the context of its mandate, objectives and resources.
- Values and Ethics – CIDA adheres to the Values and Ethics Code for the Public Sector and has implemented its internal Code of Conduct, which provides mechanisms for listening to employee concerns, ensuring broad training on values and ethics issues, and linking values and ethics to integrated risk management.
- Human Resources Management – Financial management accountabilities are systematically set out as a mandatory commitment in annual performance management agreements for executives. CIDA engages in integrated business and human resources planning, that also includes financial management requirements for managers and financial experts.
- Communication and Training – CIDA has a suite of financial management and contracting courses designed for managers and specialists, some of which are provided by the Canada School of Public Service. Some courses are mandatory, in particular for managers and members of financial and procurement communities. The courses offered internally by CIDA complement those offered by the School by providing managers with additional training on the CIDA expenditure/budget context, its internal financial policies, reports and budget management practices, including CIDA's contractual and financial delegation instrument. A performance and learning plan exercise is performed annually to ensure that training needs are identified and appropriate learning strategies are employed. CIDA also has structured learning paths for managers and financial specialists to ensure that their learning is appropriately identified and planned each year in conjunction with the annual learning plan exercise.
In addition to various corporate events aimed at raising awareness of responsible stewardship, CIDA has implemented an on-line tool – “CIDA@Work”, which is the primary source of up-to-date information for employees on what rules and tools must be used to guide them in the performance of their duties.
- IT Environment – An ongoing review of IT processing systems is performed to strengthen security, data integrity, efficiency and effectiveness. This involves strengthening the governance over processes and systems through the creation of whole-of-agency oversight and operating committees that enable process owner/stakeholder engagement. These include an Information Management and Information Technology Senior Advisory Committee and a Data Management Committee. The consideration of risks associated with systems and supporting business processes has been incorporated in a formal Certification and Accreditation Process.
- Legislation, Regulations and Policies – Mandatory requirements flowing from legislation, regulations and policies are systematically communicated to employees and are periodically reinforced through various awareness opportunities and learning events. Departmental policies are tailored to the Agency's business and control environments.
- Internal Audit Plan – The Agency has a rolling 3-year risk-based audit plan that is updated yearly, in consultation with senior management across the Agency. The plan, which is shared with the Office of the Comptroller General, is developed to ensure audit projects assess key governance, risk management and control practices of the organization, focusing on those areas that represent the highest perceived risk and significance to the Agency. In 2012-2013, CIDA initiated four internal audit projects, and finalized five internal audit reports. These reports were reviewed by the AC members and sometimes modified as a result of their advice. The AC recommends the approval of the reports to the Deputy Minister. After the Deputy Minister approves the audit reports, they are posted on the Agency's public website. The AC regularly follows up on progress made by management in implementing its action plan to address recommendations contained in audit reports.
2.3 Service Arrangements Relevant to Financial Statements
The Agency relies on other organizations for the processing of certain transactions that are recorded in its financial statements as follows:
- Public Works and Government Services Canada (PWGSC) centrally administers the payments of salaries and the procurement of goods and services, and provides accommodation services;
- Treasury Board Secretariat provides the Agency with the employer's contribution to health and dental insurance plans, and with information used to calculate various accruals and allowances, such as the accrued severance liability.
- The Department of Justice provides legal services to CIDA; and
- Shared Services Canada (SSC) provides IT infrastructure services to CIDA in the areas of data centre and network services. The scope and responsibilities are addressed in the interdepartmental arrangement between SSC and CIDA.
- Agriculture and Agri-Food Canada provides the Agency with a SAP financial system platform to capture and report all financial transactions.
- The Department of Foreign Affairs and International Trade (DFAIT) provided payment processing, accounting and banking services to all CIDA offices that are located within the Canadian High Commissions or Embassies abroad. DFAIT also prepared periodic financial reports for CIDA staff detailing the Agency's expenses that were incurred directly in the field.
3. Departmental Assessment Results during Fiscal Year 2012-2013
- In support of the Policy on Internal Control, an effective system of ICFR must be aligned with the objectives to provide reasonable assurance that:
- transactions are appropriately authorized;
- financial records are properly maintained;
- assets are safeguarded; and
- applicable laws, regulations and policies are adhered to.
This includes assessment of the design and operating effectiveness of the system of ICFR, leading to on-going monitoring and continuous improvement of the Agency's system of ICFR.
Assessing design effectiveness means that key control points are identified, documented, implemented and aligned with the risks they aim to mitigate, weaknesses are identified, and any required remediation is addressed. This includes the mapping of key IT systems, business processes to the main accounts, and other processes by location as applicable.
Assessing operating effectiveness means that the application of key controls has been tested over a defined period, that any weaknesses are identified and that any required remediation is addressed. Such testing covers all departmental control levels, including entity (corporate) level controls, IT general controls and business process controls.
On-going monitoring means that a systematic, integrated approach to monitoring is in place in support of continuous improvement, including periodic risk-based assessments and timely remediation.
During 2012-2013, the Agency completed most of its design effectiveness testing and operating effectiveness testing of key control areas. An internal control framework was established, which specifies, in particular, the roles and responsibilities and the control environment.
As per plan, on-going monitoring has started in 2012-2013.
3.1 Design Effectiveness Testing of Key Controls
During the current year, the Agency completed its design effectiveness testing of the last remaining key control items:
- transfer payments responsive approach and program-based approach;
- loans to developing countries and International Financial Institutions (IFIs); and
- budgeting and forecasting.
Remediation of control deficiencies have for the most part been addressed in these control areas. Where feasible, remediation requirements were addressed as soon as the necessary adjustments had been identified. Otherwise, management action plans either were or are currently being developed to fully address the control weaknesses within a reasonable timeframe. A follow-up process on recommendations has been put in place to ensure that each of the remediation measures is being implemented as planned.
As a result of design effectiveness testing, the existence of relevant and strong financial controls was confirmed. The main control objectives pertaining to each process were generally well supported by appropriate control activities.
The Agency identified the following remediation required:
- greater consistency in the quality and availability of documentation of controls; and
- greater evidence of review prior to approval of documents.
3.2 Operating Effectiveness of Key Controls
In 2012-2013, the Agency completed operating effectiveness testing of the last remaining key controls items:
- professional services expenses;
- Canada Investment Fund for Africa (CIFA);
- accrued liability for matching funds program; and
- accrued employee severance benefits.
Required remediation has been completed for CIFA and accrued employee severance benefits, with remediation still in progress for professional services expenses and accrued liability for matching funds program. Where feasible, specific remediation requirements were addressed shortly after the necessary adjustments were identified. In other cases, management action plans are being developed to fully address the control weaknesses within a reasonable timeframe. A follow-up is performed on each of the remediation measures according to a monitoring program that will be established over the next year.
As a result of the operating effectiveness testing, although no significant deficiencies have been identified, the Agency identified the following remediation required:
- greater consistency in the quality and availability of documentation of controls and procedures, and evidence of review prior to approval of documents;
- minor weaknesses in user access rights and segregation of duties (IT general controls); and
- potential improvements to enhance the operating effectiveness of key controls.
3.3 On-going Monitoring Program
In 2012-2013, the Agency defined a draft strategy for the on-going monitoring of financial controls. This document outlines the rationale and the frequency of testing of key financial controls, for each significant process. This draft on-going monitoring program will be refined in the next fiscal years and is planned to be fully implemented in 2014-2015.
In the current year, the Agency completed planned on-going monitoring of entity level controls (ELC). Generally, the entity-level control objectives were met and supporting activities addressed the key risks over financial reporting.
As a result of on-going monitoring, the Agency identified the following remediation required:
- clarification of roles and responsibilities and processes regarding disclosure of wrongdoing and fraud risk assessment;
- CIDA reiterated the importance of maintaining good supporting documentation, audit trails and evidence when performing financial internal controls.
4. CIDA's Action Plan
4.1 Progress during Fiscal Year 2012-2013
During 2012-2013, the Agency has continued to make significant progress in assessing and improving its key controls.
|Element in previous year's action plan||Status|
|Transfer payments responsive approach and program-based approach, loans to developing countries and IFIs, and budgeting and forecasting – design effectiveness testing and remediation of deficiencies.|
Additional assessments of the design and operating effectiveness of key financial controls of field expenditures, in support of the decentralization of Agency operations.
|Design effectiveness completed with remediation of design deficiencies substantially advanced for loans to developing countries and IFIs.|
Remediation has started for transfer payments responsive approach and program-based approach, and for budgeting and forecasting.
Financial control assessments of field expenditures were not performed due to delays with the decentralization initiative.
|Professional services expenses, Canada Investment Fund for Africa, accrued liability for matching funds program and accrued employee severance benefits – operating effectiveness testing and remediation of deficiencies.||Operating effectiveness testing completed and remediation substantially advanced for Canada Investment Fund for Africa, accrued liability for matching funds program and accrued employee severance benefits.|
Remediation has started for professional services expenses.
|Entity level controls - On-going monitoring.||Reassessment completed for entity level controls and remediation has started.|
|Internal control framework, which specifies, in particular, the roles and responsibilities and the control environment.||An internal control framework was established.|
4.2 Action Plan for the Next Fiscal Year and Subsequent Years
Building on progress to date, the Agency would be positioned to complete the assessment of its system of ICFR in 2013-2014. At that time, the Agency would have been applying its rotational on-going monitoring plan to reassess control performance on a risk basis across all control areas.
|Key Control Areas||Assessment elements|
|Design effectiveness testing and remediation||Operational effectiveness testing and remediation||On-going monitoring rotation Footnote 1|
|Entity level controls||Complete||Note 2||Complete|
|IT general controls under departmental management||Complete||Note 2||Note 1|
|Transfer payments: multilateral grants approach||Complete||Complete||Note 1|
|Transfer payments: directive contributions approach||Complete||Note 1||Note 1|
|Transfer payments: responsive approach||Complete||Note 1||Note 1|
|Transfer payments: program-based approach||Complete||Note 1||Note 1|
|Salaries and employee benefits||Complete||Complete||Note 1|
|Professional and special services expenses||Complete||Complete||Note 1|
|Gains and losses on foreign exchange||Complete||Complete||Note 1|
|Loans to developing countries and IFIs||Complete||Complete||Note 1|
|Investments and advances to IFIs||Complete||Complete||Note 1|
|Canada Investment Fund for Africa||Complete||Complete||Note 1|
|Prepaid expenses||Complete||Complete||Note 1|
|General accounts payable and accrued liabilities||Complete||Complete||Note 1|
|Accrued liability for Matching Funds Program||Complete||Complete||Note 1|
|Accrued employee severance benefits||Complete||Complete||Note 1|
|Contractual obligations||Complete||Complete||Note 1|
|Contingent liabilities||Complete||Complete||Note 1|
|Year-end closing and financial statements preparation||Complete||Complete||Note 1|
|Adjusting journal entries||Complete||Complete||Note 1|
|Interdepartmental settlements||Complete||Complete||Note 1|
|Budgeting and forecasting||Complete||Note 1||Note 1|
|Field expenditures||Financial controls assessments are performed on the field on a rotational basis|
Note 1: Effective June 26, 2013, the Government amalgamated the Department of Foreign Affairs and International Trade (DFAIT) and the Canadian International Development Agency (CIDA), and thus creating the Department of Foreign Affairs, Trade and Development (DFATD). This amalgamation will have an impact on the Policy on Internal Control implementation and more particularly future year commitments. The potential impact is to be reassessed by DFATD in 2013-2014.
Note 2: The operating effectiveness of the entity level controls and IT general controls is included as part of the Agency's overall assessment of all its business processes.
- Date Modified: